
Commit 1fa3030

committed
CPP: Libraries: Separate deallocation libraries.
1 parent a51da53 commit 1fa3030

6 files changed

Lines changed: 155 additions & 140 deletions


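--- a/cpp/ql/src/semmle/code/cpp/commons/Alloc.qll
+++ b/cpp/ql/src/semmle/code/cpp/commons/Alloc.qll
@@ -1,5 +1,6 @@
 import cpp
 import semmle.code.cpp.models.interfaces.Allocation
+import semmle.code.cpp.models.interfaces.Deallocation
 
 /**
 * A library routine that allocates memory.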

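--- a/cpp/ql/src/semmle/code/cpp/models/Models.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/Models.qll
@@ -1,4 +1,5 @@
 private import implementations.Allocation
+private import implementations.Deallocation
 private import implementations.IdentityFunction
 private import implementations.Inet
 private import implementations.Memcpy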

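--- a/cpp/ql/src/semmle/code/cpp/models/implementations/Allocation.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/implementations/Allocation.qll
@@ -209,119 +209,3 @@ class NewArrayAllocationExpr extends AllocationExpr, NewArrayExpr {
 result = getAllocatedType().getSize()
 }
 }
-
-/**
-* A deallocation function such as `free`.
-*/
-class StandardDeallocationFunction extends DeallocationFunction {
-int freedArg;
-
-StandardDeallocationFunction() {
-exists(string name |
-hasGlobalName(name) and
-(
-name = "free" and freedArg = 0
-or
-name = "realloc" and freedArg = 0
-)
-or
-hasGlobalOrStdName(name) and
-(
-name = "ExFreePoolWithTag" and freedArg = 0
-or
-name = "ExFreeToLookasideListEx" and freedArg = 1
-or
-name = "ExFreeToPagedLookasideList" and freedArg = 1
-or
-name = "ExFreeToNPagedLookasideList" and freedArg = 1
-or
-name = "ExDeleteTimer" and freedArg = 0
-or
-name = "IoFreeMdl" and freedArg = 0
-or
-name = "IoFreeWorkItem" and freedArg = 0
-or
-name = "IoFreeErrorLogEntry" and freedArg = 0
-or
-name = "MmFreeContiguousMemory" and freedArg = 0
-or
-name = "MmFreeContiguousMemorySpecifyCache" and freedArg = 0
-or
-name = "MmFreeNonCachedMemory" and freedArg = 0
-or
-name = "MmFreeMappingAddress" and freedArg = 0
-or
-name = "MmFreePagesFromMdl" and freedArg = 0
-or
-name = "MmUnmapReservedMapping" and freedArg = 0
-or
-name = "MmUnmapLockedPages" and freedArg = 0
-or
-name = "LocalFree" and freedArg = 0
-or
-name = "GlobalFree" and freedArg = 0
-or
-name = "HeapFree" and freedArg = 2
-or
-name = "VirtualFree" and freedArg = 0
-or
-name = "CoTaskMemFree" and freedArg = 0
-or
-name = "SysFreeString" and freedArg = 0
-or
-name = "LocalReAlloc" and freedArg = 0
-or
-name = "GlobalReAlloc" and freedArg = 0
-or
-name = "HeapReAlloc" and freedArg = 2
-or
-name = "CoTaskMemRealloc" and freedArg = 0
-)
-)
-}
-
-override int getFreedArg() {
-result = freedArg
-}
-}
-
-/**
-* An deallocation expression that is a function call, such as call to `free`.
-*/
-class CallDeallocationExpr extends DeallocationExpr, FunctionCall {
-DeallocationFunction target;
-
-CallDeallocationExpr() {
-target = getTarget()
-}
-
-override Expr getFreedExpr() {
-result = getArgument(target.getFreedArg())
-}
-}
-
-/**
-* An deallocation expression that is a `delete` expression.
-*/
-class DeleteDeallocationExpr extends DeallocationExpr, DeleteExpr {
-DeleteDeallocationExpr() {
-this instanceof DeleteExpr
-}
-
-override Expr getFreedExpr() {
-result = getExpr()
-}
-}
-
-/**
-* An deallocation expression that is a `delete []` expression.
-*/
-class DeleteArrayDeallocationExpr extends DeallocationExpr, DeleteArrayExpr {
-DeleteArrayDeallocationExpr() {
-this instanceof DeleteArrayExpr
-}
-
-override Expr getFreedExpr() {
-result = getExpr()
-}
-}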
Lines changed: 117 additions & 0 deletions
@@ -0,0 +1,117 @@
1+
import semmle.code.cpp.models.interfaces.Allocation
2+
3+
/**
4+
* A deallocation function such as `free`.
5+
*/
6+
class StandardDeallocationFunction extends DeallocationFunction {
7+
int freedArg;
8+
9+
StandardDeallocationFunction() {
10+
exists(string name |
11+
hasGlobalName(name) and
12+
(
13+
name = "free" and freedArg = 0
14+
or
15+
name = "realloc" and freedArg = 0
16+
)
17+
or
18+
hasGlobalOrStdName(name) and
19+
(
20+
name = "ExFreePoolWithTag" and freedArg = 0
21+
or
22+
name = "ExFreeToLookasideListEx" and freedArg = 1
23+
or
24+
name = "ExFreeToPagedLookasideList" and freedArg = 1
25+
or
26+
name = "ExFreeToNPagedLookasideList" and freedArg = 1
27+
or
28+
name = "ExDeleteTimer" and freedArg = 0
29+
or
30+
name = "IoFreeMdl" and freedArg = 0
31+
or
32+
name = "IoFreeWorkItem" and freedArg = 0
33+
or
34+
name = "IoFreeErrorLogEntry" and freedArg = 0
35+
or
36+
name = "MmFreeContiguousMemory" and freedArg = 0
37+
or
38+
name = "MmFreeContiguousMemorySpecifyCache" and freedArg = 0
39+
or
40+
name = "MmFreeNonCachedMemory" and freedArg = 0
41+
or
42+
name = "MmFreeMappingAddress" and freedArg = 0
43+
or
44+
name = "MmFreePagesFromMdl" and freedArg = 0
45+
or
46+
name = "MmUnmapReservedMapping" and freedArg = 0
47+
or
48+
name = "MmUnmapLockedPages" and freedArg = 0
49+
or
50+
name = "LocalFree" and freedArg = 0
51+
or
52+
name = "GlobalFree" and freedArg = 0
53+
or
54+
name = "HeapFree" and freedArg = 2
55+
or
56+
name = "VirtualFree" and freedArg = 0
57+
or
58+
name = "CoTaskMemFree" and freedArg = 0
59+
or
60+
name = "SysFreeString" and freedArg = 0
61+
or
62+
name = "LocalReAlloc" and freedArg = 0
63+
or
64+
name = "GlobalReAlloc" and freedArg = 0
65+
or
66+
name = "HeapReAlloc" and freedArg = 2
67+
or
68+
name = "CoTaskMemRealloc" and freedArg = 0
69+
)
70+
)
71+
}
72+
73+
override int getFreedArg() {
74+
result = freedArg
75+
}
76+
}
77+
78+
/**
79+
* An deallocation expression that is a function call, such as call to `free`.
80+
*/
81+
class CallDeallocationExpr extends DeallocationExpr, FunctionCall {
82+
DeallocationFunction target;
83+
84+
CallDeallocationExpr() {
85+
target = getTarget()
86+
}
87+
88+
override Expr getFreedExpr() {
89+
result = getArgument(target.getFreedArg())
90+
}
91+
}
92+
93+
/**
94+
* An deallocation expression that is a `delete` expression.
95+
*/
96+
class DeleteDeallocationExpr extends DeallocationExpr, DeleteExpr {
97+
DeleteDeallocationExpr() {
98+
this instanceof DeleteExpr
99+
}
100+
101+
override Expr getFreedExpr() {
102+
result = getExpr()
103+
}
104+
}
105+
106+
/**
107+
* An deallocation expression that is a `delete []` expression.
108+
*/
109+
class DeleteArrayDeallocationExpr extends DeallocationExpr, DeleteArrayExpr {
110+
DeleteArrayDeallocationExpr() {
111+
this instanceof DeleteArrayExpr
112+
}
113+
114+
override Expr getFreedExpr() {
115+
result = getExpr()
116+
}
117+
}
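Review bot: Line 1 of this new file imports `semmle.code.cpp.models.interfaces.Allocation`, but the classes it extends, `DeallocationFunction` and `DeallocationExpr`, are removed from that interface by this same commit and are declared in the new deallocation interface instead. Unless the allocation interface re-exports them (not visible on this page), those names will not resolve here, so the import should read `import semmle.code.cpp.models.interfaces.Deallocation`. Separately, `free` and `realloc` are matched with `hasGlobalName` while the Windows kernel and Win32 routines get `hasGlobalOrStdName`, which looks inverted: the `std::`-qualified spellings only plausibly exist for the C library functions. Depending on how the extractor resolves `std::free`, use-after-free and double-free queries built on this model could miss those calls, so it is worth confirming with a test case that calls `std::free`.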

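--- a/cpp/ql/src/semmle/code/cpp/models/interfaces/Allocation.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/interfaces/Allocation.qll
@@ -1,9 +1,9 @@
 /**
 * Provides an abstract class for modelling functions and expressions that
-* allocate or deallocate memory, such as the standard `malloc` function. To
-* use this QL library, create one or more QL classes extending classes here
-* with a characteristic predicate that selects the functions or expressions
-* you are trying to model. Within that class, override the predicates provided
+* allocate memory, such as the standard `malloc` function. To use this QL
+* library, create one or more QL classes extending a class here with a
+* characteristic predicate that selects the functions or expressions you are
+* trying to model. Within that class, override the predicates provided
 * by the abstract class to match the specifics of those functions or
 * expressions. Finally, add a private import statement to `Models.qll`.
 */
@@ -64,23 +64,3 @@ abstract class AllocationExpr extends Expr {
 */
 Expr getReallocPtr() { none() }
 }
-
-/**
-* A deallocation function such as `free`.
-*/
-abstract class DeallocationFunction extends Function {
-/**
-* Gets the index of the argument that is freed by this function.
-*/
-int getFreedArg() { none() }
-}
-
-/**
-* An deallocation expression such as call to `free` or a `delete` expression.
-*/
-abstract class DeallocationExpr extends Expr {
-/**
-* Gets the expression that is freed by this function.
-*/
-Expr getFreedExpr() { none() }
-}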
Lines changed: 32 additions & 0 deletions
@@ -0,0 +1,32 @@
1+
/**
2+
* Provides an abstract class for modelling functions and expressions that
3+
* deallocate memory, such as the standard `free` function. To use this QL
4+
* library, create one or more QL classes extending a class here with a
5+
* characteristic predicate that selects the functions or expressions you are
6+
* trying to model. Within that class, override the predicates provided
7+
* by the abstract class to match the specifics of those functions or
8+
* expressions. Finally, add a private import statement to `Models.qll`.
9+
*/
10+
11+
import semmle.code.cpp.Function
12+
import semmle.code.cpp.models.Models
13+
14+
/**
15+
* A deallocation function such as `free`.
16+
*/
17+
abstract class DeallocationFunction extends Function {
18+
/**
19+
* Gets the index of the argument that is freed by this function.
20+
*/
21+
int getFreedArg() { none() }
22+
}
23+
24+
/**
25+
* An deallocation expression such as call to `free` or a `delete` expression.
26+
*/
27+
abstract class DeallocationExpr extends Expr {
28+
/**
29+
* Gets the expression that is freed by this function.
30+
*/
31+
Expr getFreedExpr() { none() }
32+
}
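Review bot: The doc comment on `getFreedArg` states that the argument "is freed", but the models moved in this commit also register `realloc`, `LocalReAlloc`, `GlobalReAlloc`, `HeapReAlloc` and `CoTaskMemRealloc`, which release the old block only when the call succeeds. A query author reading only this interface will treat every match as an unconditional free and may report use-after-free or double-free on the failure path, where the original pointer is still valid. I would state that on the predicate, for example `Gets the index of the argument that is freed by this function. For reallocation functions the block is released only if the call succeeds.` The comment on `getFreedExpr` also says "freed by this function" although the class models an expression; `freed by this expression` reads correctly.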
